/cenarios · Insider Threat · Insider

Has Your Employee Already Sold Your Access?

Insider threat assessment: audit of misuse by current or terminated employees, DLP validation, role segregation, leakage via sanctioned channels.

90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

Insiders cause more damage than external attackers — and almost nobody tests it. Sales reps copy the customer base before resigning. BPO operators leak data for BRL 200. IT has a shared admin credential dating back 6 years. It's not theory, it's daily practice in Brazil. ANS, BACEN and LGPD cases start from inside.

References and threat actors

  • LGPD arts. 46 and 48
  • BACEN Res. 4.658
  • ISO 27001 A.6 (HR) + A.8 (access)
  • CGU SISG (public sector)

/attack-surface

Insider Threat · Insider

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01

Privilege and ACL audit

Who has access to what. Mapping over-privileged accounts, orphan accounts, and stale accounts whose last login is long past.

02

Segregation of duties (SoD)

Function conflicts (approver + executor), SoD matrix validation in ERP, HR, finance.

03

Functional DLP

Validation of whether DLP actually detects exfiltration via personal email, personal drive, USB, AirDrop, printing and screenshots.

04

Technical off-boarding

Audit of termination process: orphan SaaS, unrevoked personal certs, active VPN access.

05

BPO and third-party

External operator access — call center, accounting, marketing. Frequently forgotten.

06

Logging and alerting

Do critical events (mass downloads, off-hours access, anomalous geolocation) become actionable alerts?

07

Internal phishing simulation

Security culture validation via authorized campaign. Targeted training.
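The following is an added illustration, not intrus.io's own tooling, of the kind of check behind playbook items 01 and 06: item 01 asks which accounts are orphaned or stale, and item 06 asks whether mass downloads, off-hours access and anomalous geolocation turn into actionable alerts. The account inventory and log lines are constructed sample data, and the thresholds (90 days for staleness, 5 downloads within 10 minutes, 08:00 to 20:00 as business hours, a per-user "usual country") are assumptions that a real program would tune to its own environment.

```python
"""Toy insider-risk checks: stale/orphan accounts and behavioural alerting.

Added example; not code from intrus.io. All data and thresholds below are
constructed or assumed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# --- assumed tuning parameters -------------------------------------------
STALE_AFTER = timedelta(days=90)          # no login for this long -> stale
NOW = datetime(2024, 6, 3)                # assumed "current" date for the check
MASS_DOWNLOAD_THRESHOLD = 5               # downloads ...
MASS_DOWNLOAD_WINDOW = timedelta(minutes=10)  # ... within this window
BUSINESS_HOURS = (8, 20)                  # 08:00 <= hour < 20:00 is normal
USUAL_COUNTRY = {"alice": "BR", "bob": "BR"}  # assumed baseline per user

# --- constructed account inventory: name -> still employed?, last login ---
ACCOUNTS = {
    "alice":   {"employed": True,  "last_login": datetime(2024, 5, 30)},
    "bob":     {"employed": False, "last_login": datetime(2024, 5, 28)},  # left, still enabled
    "svc_old": {"employed": True,  "last_login": datetime(2023, 11, 2)},  # unused for months
}

# --- constructed access log: "<ISO timestamp> <user> <action> <country>" ---
LOG_LINES = [
    "2024-06-01T09:05:00 alice download BR",
    "2024-06-01T09:06:00 alice download BR",
    "2024-06-01T23:40:00 bob login BR",      # off-hours, by a terminated employee
    "2024-06-01T10:00:00 alice login RU",    # country differs from alice's usual
] + [f"2024-06-02T14:{m:02d}:00 alice download BR" for m in range(5)]  # 5 in 5 minutes


def parse_line(line):
    """Split one constructed log line into (timestamp, user, action, country)."""
    ts, user, action, country = line.split()
    return datetime.fromisoformat(ts), user, action, country


def find_stale_or_orphan_accounts(accounts, now=NOW, stale_after=STALE_AFTER):
    """Item 01: accounts whose owner has left, or that nobody has used recently."""
    findings = []
    for name, info in accounts.items():
        if not info["employed"]:
            findings.append((name, "orphan: owner no longer employed"))
        elif now - info["last_login"] > stale_after:
            findings.append((name, f"stale: no login for over {stale_after.days} days"))
    return findings


def detect_alerts(lines):
    """Item 06: turn raw events into alerts for the three behaviours named above.

    Returns a list of (timestamp, user, reason) in chronological order.
    """
    alerts = []
    recent_downloads = defaultdict(deque)  # user -> timestamps inside the window
    for ts, user, action, country in sorted(parse_line(l) for l in lines):
        # Off-hours access: outside the assumed business window.
        if not BUSINESS_HOURS[0] <= ts.hour < BUSINESS_HOURS[1]:
            alerts.append((ts, user, "off-hours access"))
        # Anomalous geolocation: country differs from the user's baseline.
        usual = USUAL_COUNTRY.get(user)
        if usual and country != usual:
            alerts.append((ts, user, f"anomalous geolocation {country} (usual {usual})"))
        # Mass download: sliding window of download events per user.
        if action == "download":
            window = recent_downloads[user]
            window.append(ts)
            while ts - window[0] > MASS_DOWNLOAD_WINDOW:
                window.popleft()
            if len(window) == MASS_DOWNLOAD_THRESHOLD:  # fire once, when crossed
                minutes = MASS_DOWNLOAD_WINDOW.seconds // 60
                alerts.append((ts, user, f"mass download: {len(window)} in {minutes} min"))
    return alerts


if __name__ == "__main__":
    for name, reason in find_stale_or_orphan_accounts(ACCOUNTS):
        print(f"ACCOUNT {name}: {reason}")
    for ts, user, reason in detect_alerts(LOG_LINES):
        print(f"ALERT {ts.isoformat()} {user}: {reason}")
```

On the constructed data this flags `bob` as orphaned and `svc_old` as stale, and raises three alerts: alice's login from an unusual country, bob's late-night login, and alice's fifth download inside the ten-minute window. The point of item 06 is the last step, which this sketch omits: an alert only counts if it reaches someone who will act on it.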

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Cases in fintech (compromised BPO), healthcare (shared IT credentials) and public sector (employee whose access was never revoked).

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.


Douglas Lopes

Founder · CEO · intrus.io

/crivo · integrity program

87%

of pentester candidates fail our Crivo screening

Do you know who's getting access to your environment?

NDAs work in court. They don't work day-to-day. Before first access, every pentester on our team passes background, psychometric profile and integrity testing.

  • In-depth criminal, fiscal and professional verification
  • Psychometric assessment and risk profile
  • Practical integrity testing with controlled scenarios
  • Fixed team — non-rotating, no 'stranger every engagement'

/faq

FAQ — Insider Threat · Insider

Is it different from internal pentest?

Yes. Internal pentest simulates an external attacker who got in. Insider assessment simulates a current or former employee — with legitimate access and process knowledge. Vectors and detection differ.

Do you 'test' real employees?

Only with explicit authorization within the employment contract. Authorized phishing simulation as an educational campaign, yes. Collecting information on employees without consent, no — that violates LGPD and HR policy.

Does it cover outsourced BPO?

Yes. BPO is often the weakest link. We audit access, segregation, logs and contract clauses. We always recommend including it in scope.

How much does it cost?

BRL 30-80k for a mid-size company (up to 500 employees). BRL 80-200k for a large one (multi-site, BPO, multi-country). Includes a governance tabletop exercise.

/contact

Audit internal risk

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.